Hacking forensics

Hacking forensics is the process of detecting hacking attacks and extracting evidence in order to report the event and to conduct audits that prevent similar future attacks (if possible). It includes techniques for detecting and reverse engineering malware and advanced persistent threats, like FinFisher.

More generally, and with an eye on practicality: without determining the nature of the incident, there is no way of knowing how to better protect the system and its data. Simply reinstalling the system from “clean” media or from a known-good image and placing that system back into its environment may lead to it being compromised all over again.

As with Hack to learn, the EC-Council's pigeonholes were useful for organising one's thoughts on the means and methods for discovering data that resides in a computer system, for recovering deleted, encrypted, or damaged file information (known as computer data recovery), and for identifying an intruder’s footprints. These pages initially adopt those pigeonholes and lead to further notes and vids.